
cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors.

Open JuanBH255 opened this issue 9 months ago • 13 comments

SUMMARY

cisco.ios.ios_snmp_server module is NOT applying commands correctly, so causing errors. The correct way this command should be applied is:

    snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user

But every time I run the playbook it tries to run the command like this instead:

    snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
                                                  ^
    % Invalid input detected at '^' marker.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

cisco.ios.ios_snmp_server

ANSIBLE VERSION
ansible [core 2.16.6]
COLLECTION VERSION
cisco.ios  5.3.0
CONFIGURATION
CONFIG_FILE() = /projects/dmz_configuration_automation/ansible.cfg
DEFAULT_GATHERING(/projects/dmz_configuration_automation/ansible.cfg) = explicit
DEFAULT_HOST_LIST(/projects/dmz_configuration_automation/ansible.cfg) = ['/projects/dmz_configuration_automation/inv.yml']
DEFAULT_STDOUT_CALLBACK(/projects/dmz_configuration_automation/ansible.cfg) = debug
DISPLAY_SKIPPED_HOSTS(/projects/dmz_configuration_automation/ansible.cfg) = False
HOST_KEY_CHECKING(/projects/dmz_configuration_automation/ansible.cfg) = False
RETRY_FILES_ENABLED(/projects/dmz_configuration_automation/ansible.cfg) = False
OS / ENVIRONMENT

Cisco C8500-12X Cisco IOS XE Software, Version 17.03.04a

STEPS TO REPRODUCE
    - name: SNMP
      cisco.ios.ios_snmp_server:
        config:
          groups:
            - group: test_group_name
              version: v3
              version_option: auth
              read: v3read
              acl_v4: snmpv3-acl
            - group: test_group_name_two
              version: v3
              version_option: auth
              read: v3read
              write: v3write
              acl_v4: snmpv3-acl
          hosts:
            - host: 10.1.1.1
              version: 3
              vrf: Mgmt-intf
              version_option: priv
              community_string: test_user
          users:
            - group: test_group_name
              username: test_user
              version: v3
              authentication:
                algorithm: sha
                password: test_password
              encryption:
                priv: aes
                priv_option: 128
                password: test_password
        state: merged
      tags: snmp
EXPECTED RESULTS

Either No change: ok=1 changed=0

Or a change: ok=0 changed=1

ACTUAL RESULTS
TASK [SNMP] ********************************************************************
task path: /projects/dmz_configuration_automation/test/test.yml:26
fatal: [npdzart03]: FAILED! => {
    "changed": false
}

MSG:

MODULE FAILURE
See stdout/stderr for the exact error


MODULE_STDERR:

snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user
                                              ^
% Invalid input detected at '^' marker.

npdzart03(config)#

PLAY RECAP *********************************************************************
npdzart03                  : ok=0    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
![2024-05-10_08-57-52](https://github.com/ansible-collections/cisco.ios/assets/90996024/86a54255-0432-48b6-9505-e4f9ba838df0)

JuanBH255 avatar May 10 '24 13:05 JuanBH255

@JuanBH255 The above issue is fixed in PR #1073, let me know if this fixes it at your end.

roverflow avatar May 14 '24 09:05 roverflow

@roverflow has the fix been published for me to test yet? According to the below, the latest collection version is 8.0.0 which was last updated a month ago. https://galaxy.ansible.com/ui/repo/published/cisco/ios/

JuanBH255 avatar May 15 '24 13:05 JuanBH255

> @roverflow has the fix been published for me to test yet? According to the below, the latest collection version is 8.0.0 which was last updated a month ago. https://galaxy.ansible.com/ui/repo/published/cisco/ios/

Hey, yes it has been pushed upstream. It is not released on Galaxy yet but the repo is updated with the fix; you could take a pull from the repo and test it out.

roverflow avatar May 15 '24 13:05 roverflow

Okay I installed it via the repo like this: ansible-galaxy collection install git+https://github.com/ansible-collections/cisco.ios.git

I no longer get the error but it is also not idempotent and looks like a change every time I run the playbook. snmp-server user is also not idempotent.

    "changed": true,
    "commands": [
        "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user",
        "snmp-server user test_user test_group_name v3 auth sha ******** priv aes 128 ********"
    ],

JuanBH255 avatar May 15 '24 15:05 JuanBH255

@roverflow Below is the full output:

TASK [SNMP] ********************************************************************
task path: /projects/dmz_configuration_automation/test/test.yml:37
changed: [npdzart03] => {
    "after": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "before": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "changed": true,
    "commands": [
        "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user",
        "snmp-server user test_user test_group_name v3 auth sha ******** priv aes 128 ********"
    ],
    "invocation": {
        "module_args": {
            "config": {
                "accounting": null,
                "cache": null,
                "chassis_id": null,
                "communities": null,
                "contact": null,
                "context": null,
                "drop": null,
                "engine_id": null,
                "file_transfer": null,
                "groups": [
                    {
                        "acl_v4": "snmpv3-acl",
                        "acl_v6": null,
                        "context": null,
                        "group": "test_group_name",
                        "match": null,
                        "notify": null,
                        "read": "v3read",
                        "version": "v3",
                        "version_option": "auth",
                        "write": null
                    },
                    {
                        "acl_v4": "snmpv3-acl",
                        "acl_v6": null,
                        "context": null,
                        "group": "test_group_name_two",
                        "match": null,
                        "notify": null,
                        "read": "v3read",
                        "version": "v3",
                        "version_option": "auth",
                        "write": "v3write"
                    }
                ],
                "hosts": [
                    {
                        "community_string": "test_user",
                        "host": "10.1.1.1",
                        "informs": null,
                        "traps": null,
                        "version": "3",
                        "version_option": "priv",
                        "vrf": "Mgmt-intf"
                    }
                ],
                "if_index": null,
                "inform": null,
                "ip": null,
                "location": null,
                "manager": null,
                "packet_size": null,
                "password_policy": null,
                "queue_length": null,
                "source_interface": null,
                "system_shutdown": null,
                "trap_source": null,
                "trap_timeout": null,
                "traps": null,
                "users": [
                    {
                        "acl_v4": null,
                        "acl_v6": null,
                        "authentication": {
                            "algorithm": "sha",
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER"
                        },
                        "encryption": {
                            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
                            "priv": "aes",
                            "priv_option": "128"
                        },
                        "group": "test_group_name",
                        "remote": null,
                        "udp_port": null,
                        "username": "test_user",
                        "version": "v3",
                        "version_option": null,
                        "vrf": null
                    }
                ],
                "views": null
            },
            "running_config": null,
            "state": "merged"
        }
    }
}
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/vars/creds.yml"
looking for "creds.yml" at "/projects/dmz_configuration_automation/test/creds.yml"
Read vars_file 'creds.yml'

PLAY RECAP *********************************************************************
npdzart03                  : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

JuanBH255 avatar May 15 '24 15:05 JuanBH255

@JuanBH255 The play will not be idempotent as there are secrets or passwords involved in the playbook with snmp-user. It affects the idempotency of the module as the configuration applied is not reflected in running-config for authentication. You can refer to the docs here for more info.

roverflow avatar May 15 '24 15:05 roverflow

@roverflow I do not like that. A module should be able to detect if the config already exists or is required to make a change. If it's not idempotent then this will look like a change is being made every time.

This was not an issue for me on collection version 5.3.0. Why is it that snmp user is idempotent in this version but not in the latest?

TASK [SNMP] ********************************************************************
ok: [npdzart03] => {
    "before": {
        "groups": [
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth"
            },
            {
                "group": "test_group_name",
                "version": "v3",
                "version_option": "priv"
            },
            {
                "acl_v4": "snmpv3-acl",
                "group": "test_group_name_two",
                "read": "v3read",
                "version": "v3",
                "version_option": "auth",
                "write": "v3write"
            },
            {
                "group": "test_user",
                "version": "v3",
                "version_option": "priv"
            }
        ],
        "hosts": [
            {
                "community_string": "version",
                "host": "10.1.1.1",
                "traps": [
                    "3",
                    "priv",
                    "test_user"
                ],
                "vrf": "Mgmt-intf"
            }
        ],
        "users": [
            {
                "authentication": {
                    "algorithm": "sha"
                },
                "encryption": {
                    "priv": "aes",
                    "priv_option": "128"
                },
                "group": "test_group_name",
                "username": "test_user",
                "version": "v3"
            }
        ]
    },
    "changed": false,
    "commands": []
}

PLAY RECAP *********************************************************************
npdzart03                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

JuanBH255 avatar May 15 '24 16:05 JuanBH255

@JuanBH255 Yes, unfortunately the above behavior of it being idempotent is actually a bug and was fixed in this PR here. Hence it is not idempotent.

roverflow avatar May 15 '24 16:05 roverflow

@JuanBH255 I will be closing off the issue as the above issue is resolved, please feel free to open another issue if you face any.

Thanks!

roverflow avatar May 15 '24 17:05 roverflow

> "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user"

@roverflow What about the "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" command? Why is this not idempotent? This isn't using passwords/secrets in the command so should match exact running config.

JuanBH255 avatar May 15 '24 17:05 JuanBH255

@roverflow Can you reopen the issue? "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" works now but isn't idempotent when it should be as this isn't using passwords/secrets in the command.

JuanBH255 avatar May 15 '24 17:05 JuanBH255

> @roverflow Can you reopen the issue? "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user" works now but isn't idempotent when it should be as this isn't using passwords/secrets in the command.

@JuanBH255 Taking a look at that! Thanks for noticing that, will get back to you on that issue!

roverflow avatar May 15 '24 17:05 roverflow

@JuanBH255 Could you check with the latest changes and let me know if that fixes your issue.

roverflow avatar May 20 '24 12:05 roverflow

@JuanBH255 I would be closing this issue as the latest PR merged fixed the above issue, please feel free to open another issue if you face any.

roverflow avatar May 21 '24 15:05 roverflow
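
An added example, not part of the thread and not the collection's code: it compares the playbook's `hosts` entry against the gathered facts posted above, showing why the `snmp-server host` command is re-sent every run and how a parse that accepts `vrf` ahead of `version` makes the diff empty. The grammar subset, the function names and the `kind` field are assumptions made for this sketch.

```python
import re

# Assumed subset of the IOS grammar (not taken from the collection's source):
#   snmp-server host <addr> [vrf <name>] [informs|traps]
#       [version {1|2c|3 [auth|noauth|priv]}] <community-or-user>
HOST_RE = re.compile(
    r"^snmp-server host (?P<host>\S+)"
    r"(?: vrf (?P<vrf>\S+))?"
    r"(?: (?P<kind>informs|traps))?"
    r"(?: version (?P<version>1|2c|3)(?: (?P<version_option>auth|noauth|priv))?)?"
    r" (?P<community_string>\S+)$"
)

def parse_host_line(line):
    """Return the fields of one running-config line, or None if it does not fit."""
    m = HOST_RE.match(line.strip())
    return {k: v for k, v in m.groupdict().items() if v is not None} if m else None

def render_host(h):
    """Build the CLI line with `vrf` ahead of `version`, the order the device accepts."""
    parts = ["snmp-server host", h["host"]]
    if h.get("vrf"):
        parts += ["vrf", h["vrf"]]
    if h.get("kind"):
        parts.append(h["kind"])
    if h.get("version"):
        parts += ["version", str(h["version"])]
        if h.get("version_option"):
            parts.append(h["version_option"])
    parts.append(h["community_string"])
    return " ".join(parts)

def pending_commands(want, have):
    """Commands still to push: wanted entries with no equal entry in the gathered facts."""
    def norm(h):
        return {k: str(v) for k, v in h.items() if v is not None}
    have_norm = [norm(h) for h in have if h]
    return [render_host(w) for w in want if norm(w) not in have_norm]

# Wanted state: the `hosts` entry from the playbook in the report.
WANT = [{"host": "10.1.1.1", "version": 3, "vrf": "Mgmt-intf",
         "version_option": "priv", "community_string": "test_user"}]
# Gathered facts exactly as they appear under "before" in the posted output.
FACTS_IN_THREAD = [{"community_string": "version", "host": "10.1.1.1",
                    "traps": ["3", "priv", "test_user"], "vrf": "Mgmt-intf"}]
# Constructed sample: assumes running-config stores the line as it was accepted.
RUNNING_LINE = "snmp-server host 10.1.1.1 vrf Mgmt-intf version 3 priv test_user"
REJECTED_LINE = "snmp-server host 10.1.1.1 version 3 priv vrf Mgmt-intf test_user"

if __name__ == "__main__":
    print(pending_commands(WANT, FACTS_IN_THREAD))                  # re-sent every run
    print(pending_commands(WANT, [parse_host_line(RUNNING_LINE)]))  # nothing to send
    print(parse_host_line(REJECTED_LINE))                           # order the device refused
```

A `changed: true` on every run hides real drift in SNMPv3 trap destinations, so a round-trip check like this (render, parse, compare) is worth keeping as a regression test for any resource module.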